CVE-2026-26137

HIGH WAF: Medium
CVSS 8.9 Published: 2026-03-19
CWE-918

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

References

Back to CVE Database